Keep track of IPs for PVE hosts

Yea they're all random, I'll deal with that later
This commit is contained in:
Jake Howard 2021-01-31 12:46:43 +00:00
parent 9023b269eb
commit 058290b321
Signed by: jake
GPG key ID: 57AFB45680EDD477
11 changed files with 33 additions and 19 deletions


@ -1,5 +1,5 @@
nebula: nebula:
subnet: 10.23.2.0/24 cidr: 10.23.2.0/24
clients: clients:
casey: casey:
ip: 10.23.2.1 ip: 10.23.2.1


@ -0,0 +1,13 @@
pve_hosts:
internal_cidr: 10.23.1.0/24
ingress:
ip: 192.168.2.201
internal_ip: 10.23.1.88
jellyfin:
ip: 192.168.2.46
internal_ip: 10.23.1.29
pve_docker:
ip: 192.168.2.47
internal_ip: 10.23.1.7
homeassistant:
ip: 192.168.2.41
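Review bot: `homeassistant` is the only entry without an `internal_ip`, and nothing in the new file says what `ip` and `internal_ip` mean; the values show `ip` is a 192.168.2.0/24 LAN address and `internal_ip` an address inside `internal_cidr`, so a header comment such as `# ip: LAN (192.168.2.0/24) address; internal_ip: address on internal_cidr (10.23.1.0/24)` would make the new lookups self-explanatory. The asymmetry matters downstream: the traefik homeassistant service reads `pve_hosts.homeassistant.ip` and so sends its backend traffic to port 8123 over the LAN in plain http, while the jellyfin service reads `pve_hosts.jellyfin.internal_ip` and stays on the internal network. If Home Assistant simply has no internal address yet, a comment on that entry, `# no internal_ip yet, reached over the LAN`, keeps the next reader from adding an `.internal_ip` lookup that would fail as undefined at template time. The same point applies to the homeassistant and jellyfin service hunks further down.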


@ -1,9 +1,7 @@
expose_ssh: true expose_ssh: true
private_ip: "{{ ansible_default_ipv4.address }}" private_ip: "{{ pve_hosts.pve_docker.ip }}"
protected_ip: 192.168.2.47 protected_ip: "{{ pve_hosts.pve_docker.internal_ip }}"
traefik_proxy_protocol_trusted_ips: 10.23.0.0/16
traefik_provider_jellyfin: true traefik_provider_jellyfin: true
traefik_provider_homeassistant: true traefik_provider_homeassistant: true
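Review bot: The `protected_ip` substitution is not value-preserving: the old literal was the LAN address 192.168.2.47, whereas `pve_hosts.pve_docker.internal_ip` resolves to 10.23.1.7, so whatever binds to or filters on `protected_ip` moves from the 192.168.2.0/24 segment to the internal network. If that is the intent it deserves a comment, `# deliberately the 10.23.1.0/24 address: not reachable from the LAN`; if not, the line should read `protected_ip: "{{ pve_hosts.pve_docker.ip }}"`. `private_ip` likewise goes from the discovered `ansible_default_ipv4.address` fact to a static 192.168.2.47, which is fine only as long as the inventory value is kept in step with the host, since the traefik entrypoint binds to `{{ private_ip }}:8080` and a stale value makes that bind fail. The removed `traefik_proxy_protocol_trusted_ips: 10.23.0.0/16` is replaced by an explicit list in the traefik static config, which appears narrower for this host than the old /16; that tightening is worth stating in the commit message. Blank lines in this file seem to have been dropped in rendering, so the hunk's line counts do not match what is visible here.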


@ -32,7 +32,7 @@ tun:
routes: routes:
unsafe_routes: unsafe_routes:
{% if ansible_fqdn != "ingress" %} {% if ansible_fqdn != "ingress" %}
- route: 10.23.1.0/24 - route: "{{ pve_hosts.internal_cidr }}"
via: "{{ nebula.clients.ingress.ip }}" via: "{{ nebula.clients.ingress.ip }}"
{% endif %} {% endif %}


@ -59,7 +59,7 @@
table: nat table: nat
chain: POSTROUTING chain: POSTROUTING
out_interface: ens18 out_interface: ens18
source: "{{ nebula.subnet }}" source: "{{ nebula.cidr }}"
jump: MASQUERADE jump: MASQUERADE
notify: persist iptables notify: persist iptables
become: true become: true


@ -4,7 +4,7 @@
- ip - ip
- route - route
- show - show
- "{{ nebula.subnet }}" - "{{ nebula.cidr }}"
register: routes register: routes
changed_when: false changed_when: false
become: true become: true
@ -15,8 +15,8 @@
- ip - ip
- route - route
- add - add
- "{{ nebula.subnet }}" - "{{ nebula.cidr }}"
- via - via
- "{{ ingress_private_ip }}" - "{{ pve_hosts.ingress.internal_ip }}"
become: true become: true
when: nebula.subnet not in routes.stdout when: nebula.cidr not in routes.stdout


@ -1 +0,0 @@
ingress_private_ip: 10.23.1.88


@ -1,7 +1,5 @@
traefik_influx_db_dir: ./influxdb traefik_influx_db_dir: ./influxdb
traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"
traefik_provider_jellyfin: false traefik_provider_jellyfin: false
traefik_provider_homeassistant: false traefik_provider_homeassistant: false


@ -9,4 +9,4 @@ http:
service-homeassistant: service-homeassistant:
loadBalancer: loadBalancer:
servers: servers:
- url: http://192.168.2.41:8123 - url: http://{{ pve_hosts.homeassistant.ip }}:8123


@ -9,4 +9,4 @@ http:
service-jellyfin: service-jellyfin:
loadBalancer: loadBalancer:
servers: servers:
- url: http://10.23.1.29:8096 - url: http://{{ pve_hosts.jellyfin.internal_ip }}:8096


@ -3,17 +3,23 @@ entryPoints:
address: :80 address: :80
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ traefik_proxy_protocol_trusted_ips }}" - "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
web-secure: web-secure:
address: :443 address: :443
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ traefik_proxy_protocol_trusted_ips }}" - "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
matrix: matrix:
address: :8448 address: :8448
proxyProtocol: proxyProtocol:
trustedIPs: trustedIPs:
- "{{ traefik_proxy_protocol_trusted_ips }}" - "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}"
traefik: traefik:
address: "{{ private_ip }}:8080" address: "{{ private_ip }}:8080"
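Review bot: Replacing the per-host `traefik_proxy_protocol_trusted_ips` variable with the same three-entry literal under each `proxyProtocol.trustedIPs` widens what the other traefik host trusts: the host whose vars drop `traefik_proxy_protocol_trusted_ips: "{{ wireguard.cidr }}"` previously accepted PROXY headers only from the wireguard range, and after this change any peer on `pve_hosts.internal_cidr` or `nebula.cidr` can also present a PROXY header and assert an arbitrary client address to it, which undermines any source-IP based middleware or access logging on those entrypoints. Keeping the variable and rendering it as a list preserves the per-host decision and removes the three copies: in the vars `traefik_proxy_protocol_trusted_ips: ["{{ wireguard.cidr }}", "{{ pve_hosts.internal_cidr }}", "{{ nebula.cidr }}"]` and in the template `trustedIPs: {{ traefik_proxy_protocol_trusted_ips | to_json }}` for each of `web`, `web-secure` and `matrix`. The template now also references `wireguard.cidr` on the pve_docker host, which did not use it before; that presumes `wireguard` is defined in a scope that reaches that host, otherwise rendering fails on an undefined variable. The `entryPoints` mapping begins above this hunk.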